Date: Thu, 2 May 2024 11:13:56 +0200
From: Greg KH
To: oss-security@lists.openwall.com
Message-ID: <2024050229-overrun-crowbar-7f89@gregkh>
Subject: Re: [oss-security] Re: CVEs issued by the Linux kernel CNA

On Wed, May 01, 2024 at 01:27:06PM -0700, Alan Coopersmith wrote:
> On 2/20/24 15:30, Alan Coopersmith wrote:
> > As recently announced [1], kernel.org is now a CNA for the Linux kernel, and
> > today issued its first 8 CVEs, as seen in the archives of their mailing list
> > at https://lore.kernel.org/linux-cve-announce/ .
> >
> > Their documentation [2] warns that we should expect a "seemingly large number
> > of CVEs that are issued by the Linux kernel team".
>
> Quantifying this a bit more now - Greg K-H provided some stats so far in:
> https://social.kernel.org/notice/AhSCMVs4RofbnTftGS
>
> which says:
>
> > Year    Reserved  Assigned  Rejected  Total
> > 2019:         47         2         1     50
> > 2020:         37        13         0     50
> > 2021:         39       304         7    350
> > 2022:          7        43         0     50
> > 2023:         60       180        10    250
> > 2024:        107       435         8    550
> > Total:       297       977        26   1300
> >
> >
> > Anything older than 2023 is us back-filling in from the GSD database, and we
> > still have a long way to go for there. Some 2023 ones are in there too from
> > GSD, but mostly not, all of 2024 is since we took over being a CNA.

And, if anyone wants to play along at home, they can get the same
information directly from our git repo at:

	https://git.kernel.org/pub/scm/linux/security/vulns.git/

by cloning it locally and then running:

	$ ./scripts/summary
	Year    Reserved  Assigned  Rejected  Total
	2019:         47         2         1     50
	2020:         37        13         0     50
	2021:         39       304         7    350
	2022:          7        43         0     50
	2023:         60       180        10    250
	2024:        107       435         8    550
	Total:       297       977        26   1300

No need for anyone to rely on random updates from me on
social.kernel.org for that type of thing.

thanks,

greg k-h